CVE-2016-2795

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6,as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7,does not initialize memory for an unspecified data structure, which allowsremote attackers to cause a denial of service or possibly have unknownother impact via a crafted Graphite smart font.